| Summary: | Secondary/backup ldap server need to be setup | | |
|---|---|---|---|
| Product: | Infrastructure | Reporter: | Nicolas Vigier <boklm> |
| Component: | Others | Assignee: | Sysadmin Team <sysadmin-bugs> |
| Status: | NEW --- | QA Contact: | |
| Severity: | enhancement | | |
| Priority: | High | CC: | bgmilne, marja11, misc, sysadmin-bugs |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | i586 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Source RPM: | | CVE: | |
| Status comment: | | | |
| Bug Depends on: | | | |
| Bug Blocks: | 859 | | |

Description
Nicolas Vigier
2011-04-17 18:05:01 CEST
Nicolas Vigier
2011-04-17 18:11:47 CEST
Blocks:
(none) =>
859

We also need to change ldap setup on almost every service to take this into account (i.e., to not discover that every service only uses 1 ldap server and that this server is down).

CC:
(none) =>
misc
Nicolas Vigier
2011-04-18 18:49:48 CEST
CC:
(none) =>
sysadmin-bugs

As we suffered from a problem due to lack of ldap server, I bump the criticity and take the bug.

Priority:
Normal =>
High
Michael Scherer
2011-05-29 02:00:55 CEST
Status:
NEW =>
ASSIGNED
Ahmad Samir
2011-05-29 02:51:50 CEST
Summary:
Redundant ldap server need to be setup =>
Secondary/backup ldap server need to be setup

I created 1 class for a secondary ldap server, I am deploying it on krampouezh for now, I defer the modification of application after the release (setting ldap on krampouezh should not cause much trouble).

So, it seems to work fine, now, we need to make sure every application:

- can use 2 (or more) ldap servers
- use another server if the first one is down

So we have:

- sympa
- tx (and any django application in fact)
- forums
- catdap (write access)
- shell/pam (rabbit, champagne)
- postfix
- mga-mirrors (not deployed yet but asked by nanar)
- maintainer db
- wiki

Postfix is ok for that: http://www.postfix.org/ldap_table.5.html

Django/transifex do not seem to explicitly offer this, but maybe this is handled by openldap directly (else we will have to patch, should not be hard).

Pam_ldap, nss_ldap support more than one server, this should be ok (we use it at zarb).

catdap requires write access, so this is likely not going to work as we have readonly backup so far.

Sympa and ldap is a lengthy topic: http://www.sympa.org/manual/ldap . We use it for auth, named filter, and subscriber. This needs to be checked in detail.

Phpbb/forums, I do not think it would work or like Django/tx.

For mga-mirrors, I guess we can tweak (first develop the feature first for 1 server).

Regarding wiki, this should be checked once deployed, depending on how the authentication is done.

For maintdb, I guess we can ask kosmas to add support for that?

As postfix is IMHO the more urgent, followed by pam_ldap. Forums is likely important, followed by tx. For maintdb, wiki, mga-mirrors, this can wait until they are deployed (or deployed with ldap support). And for sympa, depending on the part of the support (subscriber list) is IMHO important or can become important later.

Postfix is done.

python-ldap seems to switch to the 2nd server if the first one does not exist (tested with a script). So tx is done.

And I think that's a feature of openldap (according to the man page of ldap_initialize). So this could likely solve the issue for phpbb too, depending on the code.

So after checking php-ldap documentation and phpbb source code, I have enabled 2 ldap servers on forums. Next one is pam_ldap.
Buchan Milne
2011-05-30 18:19:41 CEST
CC:
(none) =>
bgmilne

Do you mind giving the last news on this bug?

CC:
(none) =>
marja11

setting status back to NEW because misc left

Status:
ASSIGNED =>
NEW
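
An added example, not part of this bug report or of the project's own tooling: a small Python audit that reads service configuration text and reports which services name only one LDAP server, the situation the report wants to catch before that server goes down. The option names are those of Postfix ldap_table(5), pam_ldap/nss_ldap and OpenLDAP ldap.conf(5); the host names, service labels and sample configs are constructed assumptions.

```python
import re

# Option names that hold the LDAP server list (real options):
#   Postfix ldap_table(5):  server_host = ldap://a ldap://b
#   pam_ldap / nss_ldap:    uri ldap://a ldap://b   (or: host a b)
#   OpenLDAP ldap.conf(5):  URI ldap://a ldap://b
SERVER_KEYS = {"server_host", "uri", "host"}

def ldap_servers(config_text):
    """Return the ordered LDAP servers named in one configuration file."""
    servers = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        # Accept "key = value" (Postfix) and "key value" (ldap.conf style).
        m = re.match(r"([A-Za-z_]+)\s*(?:=\s*|\s+)(.+)$", line)
        if m and m.group(1).lower() in SERVER_KEYS:
            servers += [s for s in re.split(r"[\s,]+", m.group(2)) if s]
    return servers

def audit(configs):
    """Return (service -> servers, sorted services lacking a second server)."""
    found = {name: ldap_servers(text) for name, text in configs.items()}
    single = sorted(n for n, s in found.items() if len(set(s)) < 2)
    return found, single

# Constructed sample input: hypothetical hosts and service labels.
SAMPLE_CONFIGS = {
    "postfix": "server_host = ldap://ldap1.example.org ldap://ldap2.example.org\n"
               "search_base = dc=example,dc=org\n",
    "pam_ldap": "# primary first, read-only backup second\n"
                "uri ldap://ldap1.example.org ldap://ldap2.example.org\n"
                "base dc=example,dc=org\n",
    "ldap.conf": "URI ldap://ldap1.example.org\nBASE dc=example,dc=org\n",
}

if __name__ == "__main__":
    found, single = audit(SAMPLE_CONFIGS)
    for name, servers in found.items():
        status = "NO FALLBACK" if name in single else "ok"
        print(f"{name:12} {status:12} {' '.join(servers)}")
```

A second server in the list only gives read failover when the backup is read-only, so a service that needs write access still depends on the primary.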